[erlang-questions] asn1 and the new ssl module

Jakob Cederlund <>
Fri Feb 22 15:33:23 CET 2008


Hmm, I did something wrong here, I should of course skip the tag first.
Please try the following change to ssl_connection, or use your own patch.

check_asn1(<<Byte, Bin/binary>>) when (Byte band 127) == 127 ->
    asn1_long_tag(Bin, 1);
check_asn1(<<?BYTE(Size), _/binary>>) when Size < 127 ->
    {Size + 1, 0};
check_asn1(<<?BYTE(128), _/binary>>) ->
    {1, 0};
check_asn1(<<?BYTE(129), ?BYTE(Size), _/binary>>) ->
    {Size+2, 0};
check_asn1(<<?BYTE(130), ?UINT16(Size), _/binary>>) ->
    {Size+3, 0};
check_asn1(<<?BYTE(131), ?UINT24(Size), _/binary>>) ->
    {Size+4, 0};
check_asn1(<<?BYTE(132), ?UINT32(Size), _/binary>>) ->
    {Size+5, 0}.

asn1_long_tag(<<Byte, Bin/binary>>, N) when (Byte band 128) == 128 ->
    asn1_long_tag(Bin, N+1);
asn1_long_tag(<<_, Bin/binary>>, N) ->
    {BytesToRead, _} = check_asn1(Bin),
    {BytesToRead+N, 0}.

/Jakob


Pablo Polvorin wrote:
> Hi,
> thanks for the patch!
> perhaps i had been doing something wrong, but i couldn't make your
> patch work for my.
> Immediately after upgrading a gen_tcp socket to ssl, I get this error
> {function_clause,
>                         [{ssl_connection,check_packet,[asn1,<<>>,0]..
>
> After fixing this adding a new case to check_packet(asn1,..), it still
> doesn't work, and returns data that is not an asn1-completed packet.
>
> Digging in the ber encoding documentation and
> asn1rt_ber_bin:decode_tag_and_length/1, each packet seems to looks
> like <<Tag,PacketLength,Packet>>, where the size of the Tag field
> isn't know, and the size of the PacketLength field could be anything
> between 1 and 128 bytes.  Are you taking this into account?
>
> Here is my version of a patch(R12B-1) for this, its based in my
> previous code (and so depends on the asn1 application.. witch is
> somewhat awkward as the api for decode_tag_and_length/1 doesn't define
> what error it would throw when the tag or length field isn't
> complete).
>
> best regards, pablo.
>
>
>
> 2008/2/20, Jakob Cederlund <>:
>   
>>  thisIt was very useful, thanks!
>>  And here is a patch. It simply adds asn1 package support for the new ssl.
>> It should work with R12B-1, and probably fine with R12B.
>>  Hope this helps!
>>  /Jakob
>>
>>
>>
>>  Pablo Polvorin wrote:
>>  Thanks for the clarification!
>>
>> ...it isn't a patch, .. probably it isn't usefull to you. .
>> anyway, this is the code i'm using
>> http://ppolv.wordpress.com/2008/02/15/erlang-ssl-and-asn1/
>>
>> cheers
>> pablo
>>
>> 2008/2/15, Jakob Cederlund <>:
>>
>>
>>  Nope, not yet.
>>  Currently, the new ssl (the one you get with {ssl_imp, new}) only
>>  supports these packet-options: raw, 1, 2, 4, cdr and line. (Packaging is
>>  handled by the function ssl_connection:check_packet/3.) The rest are
>>  fairly easy to add, and we hope to do that in the next release. Patches
>>  are welcome! :-)
>>
>> /Jakob
>>
>>
>>  Pablo Polvorin wrote:
>>  > Hi all,
>>  > I'm using the new ssl module to "upgrade" a gen_tcp socket to ssl. But
>>  > I couldn't find a way to easily receiving asn1 packets from it.
>>  > My question is, it's possible to use the {packet,asn1} option when
>>  > using the new ssl module?.
>>  >
>>  > ssl_connection.erl seems to not have any reference to that option.
>>  >
>>  > Finally I implemented the buffering and packet delimiting code in my
>>  > application, but I wonder if there is an easy and early way to
>>  > accomplish the same.
>>  > regards,
>>  >
>>
>>
>>
>>
>>
>>
>>
>>
>>     




More information about the erlang-questions mailing list